But what about in healthcare, an industry that is traditionally slow to adopt new technologies? Are healthcare CIOs embracing the cloud like their counterparts from other industries, or are they bucking the trends and shying away?

To find out, Imprivata surveyed 211 IT decision makers in the U.S. healthcare industry as part of our 2013 Desktop Virtualization Trends in Healthcare report, Imprivata’s third-annual survey about the adoption rates and benefits of desktop virtualization (and this year, cloud-based applications) in healthcare (download the complete 2013 Desktop Virtualization Trends in Healthcare report here).

At first blush, the use of cloud-based applications and services in healthcare is up significantly from last year’s survey—30 percent of respondents state that they use cloud computing today (as compared with just nine percent from the 2012 Desktop Virtualization Trends in

Healthcare study). In particular, storing protected health information (PHI) in the cloud is becoming more commonplace, with 40 percent of respondents that use cloud services saying they store PHI in the cloud today (up from nine percent from last year’s survey).

But while the use of cloud-based services and applications in healthcare is increasing, 71 percent of organizations currently using cloud computing work with only one or two different vendors. This indicates that those healthcare providers adopting cloud services are doing so cautiously.

As for the reasons why, it could partially be because despite working with a limited number of vendors, 16 percent of healthcare respondents using cloud computing services today do not have HIPAA Business Associate Agreements (BAA) in place with all of their vendors.

Further, for healthcare organizations that have no plans to adopt cloud computing, security remains the top concern (not surprisingly), but 17 percent of survey respondents cite the primary reason why they have no plans to move to the cloud as “vendors do not offer HIPAA Business Associate Agreements.”

With the September 23 deadline to comply with the HIPAA Omnibus Rule looming, BAAs become critically important. As the findings of this study indicate, cloud services vendors need to be willing to sign HIPAA BAAs if they want to capitalize on what seems to be an increasing willingness amongst healthcare IT administrators to embrace cloud computing as part of their IT mix.